Showing posts with label Antivirus.

February 21, 2018

From Malware To Malevolent People

So in virus protection on the computer, there are 2 common ways antivirus software works:

1) Signature Detection - There are known patterns of viruses and the antivirus software looks for a match against one of these. 

2) Behavior Detection - There are known patterns of normal behavior on the computer, and the antivirus software looks for deviations from this. 

Each has certain weaknesses:

- With signature detection, if there is a zero-day exploit (i.e. a virus that is new and therefore has no known signature), then it will not be caught by a blacklist of known viruses.

- While with behavior detection, some viruses that are designed to look like normal network or application behavior will not be caught by heuristic/algorithm-based detection methods. 

For defense-in-depth then, we can see why employing a combination of both methods would work best to protect from malware. 
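As an added illustration (not code from the original post), here is a toy two-layer detector: a hash blacklist for the signature layer and a standard-deviation threshold over a baseline of normal network activity for the behavior layer. The sample hashes, the baseline counts and the four scenarios are all constructed; they show a known sample caught by signature alone, a new sample caught by behavior alone, and the case both layers miss.

```python
import hashlib
import statistics

# Constructed blacklist: the hash of an invented sample, not a real malware hash.
KNOWN_BAD_HASHES = {
    hashlib.sha256(b"constructed-sample-malware-A").hexdigest(),
}

# Constructed baseline: outbound connections per minute seen for a benign
# process over ten earlier minutes. Mean 3.3, population std dev 0.9.
BASELINE_CONNECTIONS = [3, 4, 2, 5, 3, 4, 3, 2, 4, 3]


def signature_verdict(file_bytes: bytes) -> bool:
    """Signature layer: does the file's hash match a known-bad entry?"""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES


def behavior_verdict(connections_per_minute: int, k: float = 3.0) -> bool:
    """Behavior layer: is the observed rate more than k std devs above normal?"""
    mean = statistics.mean(BASELINE_CONNECTIONS)
    sd = statistics.pstdev(BASELINE_CONNECTIONS)
    return connections_per_minute > mean + k * sd


def classify(file_bytes: bytes, connections_per_minute: int) -> list[str]:
    """Defense in depth: run both layers and return the names of those that fired."""
    reasons = []
    if signature_verdict(file_bytes):
        reasons.append("signature")
    if behavior_verdict(connections_per_minute):
        reasons.append("behavior")
    return reasons


if __name__ == "__main__":
    # Constructed scenarios covering each weakness described above.
    cases = {
        "known sample, quiet network": (b"constructed-sample-malware-A", 4),
        "new sample, noisy network": (b"constructed-sample-malware-B", 40),
        "new sample, quiet network": (b"constructed-sample-malware-B", 4),
        "benign file, quiet network": (b"constructed-benign-document", 3),
    }
    for name, (data, rate) in cases.items():
        print(f"{name:28} -> {classify(data, rate) or ['not detected']}")
```

The third scenario is the honest residual risk: a sample that is both unknown and well-behaved passes both layers, which is why neither layer alone, nor even both together, replaces the other controls discussed elsewhere on this page.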

It's interesting that these same techniques for recognizing bad computer actors can be used for identifying bad or dangerous people. 

We can look for known signatures/patterns of evil, abusive, and violent behaviors and identify those people according to their bad actions.

Similarly, we generally know what "normal" looks like (within a range of standard deviations, of course) and people who behave outside those bounds could be considered as potentially dangerous to themselves or others. 

Yes, we can't jump to conclusions with people -- we don't want to misjudge anyone or be overly harsh with them, but at the same time, we are human beings and we have a survival instinct. 

So whether we're dealing with malware or malevolent individuals, looking at patterns of bad actors and significant deviations from the normal is helpful in protecting your data and your person. ;-)

(Source Photo: Andy Blumenthal)

March 21, 2014

Safely Detonate That Malware


I like the potential of the FireEye Malware Protection System (MPS).

Unlike traditional signature-based malware protections like antivirus, firewalls, and intrusion prevention systems (IPS), FireEye is an additional security layer that uses a dynamic Multi-Vector Virtual Execution (MVX) engine to detonate even zero-day attacks from suspicious files, web pages, and email attachments. 

According to Bloomberg Businessweek, Target's implementation of FireEye detected the malware attack on Nov 30, 2013 and it alerted security officials, but allegedly "Target stood by as 40 million credit card numbers--and 70 million addresses, phone numbers, and other pieces of personal information--gushed out of its mainframes" over two weeks!

In fact, FireEye could've been set to "automatically delete [the] malware as it's detected" without human intervention, but Target's team apparently "turned that function off."

FireEye works by "creating a parallel computer network on virtual machines," and before data reaches its endpoint, it passes through FireEye's technology. Here the files are "fooled into thinking they're in real computers," so they can be scanned and attacks spotted in safe "detonation chambers."

Target may have been way off target in the way they bungled their security breach, but using FireEye properly, it is good to know that attacks like this potentially can be thwarted in the future. ;-)

[Note: this is not an endorsement of any product or vendor]

August 25, 2012

IT Security, The Frankenstein Way

Here's a riddle: When is a computer virus not a dangerous piece of malware? Answer: when it is hidden as Frankenstein code. 

The Economist (25 August 2012) describes how computer viruses are now being secretly passed into computers, by simply sending a blueprint for the virus rather than the harmful code itself into your computer--then the code is harvested from innocuous programs and assembled to form the virus itself. 

Like the fictional character, Frankenstein, that is stitched together out of scavenged body parts, the semantic blueprint pulls together code from host programs to form the viruses. 

This results in polymorphic viruses: because the actual code is drawn from other programs, each virus ends up appearing a little different and can potentially mask itself--bypassing antivirus, firewall, and other security barriers. 

Flipping this strategy around, in a sense, Bloomberg Businessweek (20 June 2012) reports on a new IT security product by Bromium that prevents software downloads from entering the entire computer, and instead sets aside a virtual compartment to contain the code and ensure it is not malicious--and if the code is deemed dangerous, the cordoned-off compartment will dissolve preventing damage to the overall system.

So while on the offensive side, Frankenstein viruses stitch together parts of code to make a dangerous whole--here on the defensive side, we separate out dangerous code from potentially infecting the whole computer.  

Computer attacks are getting more sinister as they attempt to do an end-run around standardized security mechanisms, leading to continually evolving computer defenses to keep the Frankensteins out there, harmless, at bay.

(Source Photo: here with attribution to Dougal McGuire)


February 19, 2012

Big Phish, Small Phish

Phishing is an attack whereby someone pretends to be a trustworthy entity, but is really trying to get your personal information in order to steal from you or an organization.
Phishing is a type of social engineering where fraudsters try to deceive and spoof their victims by sending email or instant messages (or even by calling) and pretending to be a legitimate private or public sector organization. They then either request personal information, provide links to fake websites, or even create unauthorized pop-ups from legitimate websites to get you to give them your personal data.

Additionally, phishing emails can contain attachments that infect recipient's computers with malware, creating a backdoor to control or compromise a system and its information.

In all of these cases, the intent of phishing is to impersonate others and lure consumers into providing information that can be used to steal identities, money, or information.

The word phishing alludes to the technique of baiting people and, as in real fishing, fooling at least some into biting and getting caught in the trap. 

In this type of fraud, perpetrators pretend to be legitimate financial institutions, retailers, social media companies, and government agencies in an attempt to get you to divulge private information like date of birth, social security numbers, mothers' maiden names, account numbers, passwords and more.

Once criminals have this valuable information, they can commit identity theft, break into your accounts, and steal money or information.

Spear-phishing is a derivative of this scam that is targeted at specific people, and whaling is when the scam is perpetrated on organization executives or other high-profile targets, which can be especially compromising and harmful to themselves or the organizations they represent.

The first recorded phishing attack was in 1987. Over the years, the prevalence of these attacks has steadily increased. According to the Anti-Phishing Working Group (APWG), there were some 20,000-25,000 unique phishing campaigns every month through the first half of 2011, each targeting potentially millions of users. Additionally, as of March 2011, there were as many as 38,000 phishing sites. The most targeted industry continues to be financial services with 47% of the attacks.
There are a number of ways to protect yourself against phishing attacks.
  1. Delete email and messages that are unwarranted and ask for personal information
  2. Do not click on links, instead go directly to a website by using a search engine to locate it or copying the link and pasting it into the browser
  3. Configure your browser to block pop-ups
  4. Use anti-virus, firewalls, and anti-spam software
  5. Set up automatic security updates
  6. Input personal information only into secure sites, such as those that begin with "https"
  7. Only open attachments when you are expecting them and recognize where they are coming from
  8. Check financial statements upon receipt for any fraudulent activity
  9. If you are caught in a phishing scheme, notify law enforcement and credit reporting authorities immediately
  10. Always be cautious in giving out personal information
Whether you consider yourself a big fish or a small fish, beware of those trying to catch you up on the Internet--hook, line, and sinker.
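As an added example (not part of the original post), this script applies tips 2 and 6 mechanically: it pulls every link out of a message body and flags anchors whose visible text looks like one website while the real target is another, as well as targets that are not "https". The sample message and the example.com/example.net hostnames are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: the first link's visible text mimics a bank
# site while its real target is a different, plain-http host.
SAMPLE_EMAIL = """
<p>Your account needs verification. Visit
<a href="http://login.example.net/verify">https://bank.example.com/login</a>
today, or see our <a href="https://bank.example.com/help">help page</a>.</p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_warnings(html: str) -> list[dict]:
    """Return one finding per suspicious anchor; an empty list means nothing stood out."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = urlparse(href)
        # Only compare hosts when the visible text itself looks like a URL.
        shown = urlparse(text) if text.startswith(("http://", "https://")) else None
        problems = []
        if real.scheme != "https":
            problems.append("not https")
        if shown and shown.hostname != real.hostname:
            problems.append(f"text shows {shown.hostname} but links to {real.hostname}")
        if problems:
            findings.append({"href": href, "text": text, "problems": problems})
    return findings
```

Running `link_warnings(SAMPLE_EMAIL)` reports only the first anchor, with both problems; the genuine https help link passes.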
